package com.storlead.shiro.config;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * @Author: Timo
 * @Date: 2019/2/15 15:19
 * @Description: 验证用户是否拥有资源权限
 */
@Slf4j
public class UrlPermissionsFilter extends PermissionsAuthorizationFilter {


    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        log.info(">>>>>>>UrlPermissionsFilter.isAccessAllowed");
        return super.isAccessAllowed(request, response, buildPermissionsFromRequest(request));
    }

    protected String[] buildPermissionsFromRequest(ServletRequest request) {
        log.info(">>>>>>>UrlPermissionsFilter.buildPermissionsFromRequest");
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        String uri = servletRequest.getRequestURI();
        String tmpUri = uri.substring(1, uri.length());
        String reUri = tmpUri.substring(tmpUri.indexOf("/"), tmpUri.length());
        return new String[] { reUri };//返回请求URI
    }

}
